PT-2023-25708 · Stripe · Stripe Api
Vamsii777 · Published 2023-07-03 · Updated 2023-07-10 · CVE-2023-36817
CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
tktchurch/website version 0.1.0
Description
The codebase for The King's Temple Church website contains a Stripe API key that was unintentionally committed and exposed. Unauthorized parties could use this key to carry out transactions on behalf of the organization, leading to financial losses, and to access sensitive customer information, resulting in privacy violations and potential legal implications. The affected component is the codebase, specifically the file(s) where the Stripe API key is embedded.
Recommendations
For version 0.1.0, the maintainers plan to revoke the leaked Stripe API key immediately, generate a new one, and ensure it is not committed to the codebase. As a temporary workaround, consider restricting access to the affected file(s) where the Stripe API key is embedded until the issue is resolved.
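One way to enforce "ensure it is not committed" is a pre-commit check over the staged diff, shown here as an added example that is not code from the tktchurch/website project. The file path, the sample key and the function names are constructed for illustration; the patterns target Stripe's `sk_` (secret) and `rk_` (restricted) key prefixes.

```python
import re

# Stripe secret (sk_) and restricted (rk_) keys grant API access. Publishable
# pk_ keys are meant to be public, so they are deliberately not matched.
STRIPE_KEY_RE = re.compile(r"\b(sk|rk)_(live|test)_[0-9A-Za-z]{16,}")
HUNK_RE = re.compile(r"^@@ -\d+(?:,\d+)? \+(\d+)(?:,\d+)? @@")

# Constructed sample: a fake key assembled at runtime and a hypothetical path.
FAKE_KEY = "sk_" + "live_" + "A1b2C3d4E5f6G7h8I9j0K1l2"
SAMPLE_DIFF = f"""\
diff --git a/app/config.example b/app/config.example
--- a/app/config.example
+++ b/app/config.example
@@ -1,3 +1,4 @@
 [payments]
-secret_key = env:STRIPE_SECRET_KEY
+secret_key = {FAKE_KEY}
+publishable_key = pk_live_xxxxxxxxxxxxxxxxxxxxxxxx
 currency = usd
"""


def redact(key):
    """Keep the type prefix and last 4 characters so reports never re-leak the key."""
    prefix = "_".join(key.split("_")[:2])
    return f"{prefix}_...{key[-4:]}"


def scan_staged_diff(diff_text):
    """Return one finding per Stripe key on a line the unified diff would add."""
    findings, path, new_line, in_hunk = [], None, 0, False
    for line in diff_text.splitlines():
        if line.startswith("diff --git "):
            in_hunk = False                      # next lines are file headers
        elif not in_hunk and line.startswith("+++ "):
            path = line[4:].removeprefix("b/")
        elif (m := HUNK_RE.match(line)):
            new_line, in_hunk = int(m.group(1)), True
        elif in_hunk and line.startswith("+"):
            for key in STRIPE_KEY_RE.finditer(line[1:]):
                findings.append({"file": path, "line": new_line,
                                 "kind": f"{key.group(1)}_{key.group(2)}",
                                 "redacted": redact(key.group(0))})
            new_line += 1
        elif in_hunk and line.startswith(" "):
            new_line += 1                        # context line exists in new file
        # '-' lines only remove text and do not advance the new-file counter
    return findings
```

In a hook, feed it the output of `git diff --cached` and abort the commit when the returned list is non-empty. A key that has already been pushed still has to be revoked, as the recommendation states, because it remains in the repository history.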
Information Disclosure
Using Hardcoded Credentials
Affected Products
Stripe Api